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Abstract 

The Hasse-Weil bound is a deep result in mathematics and has found wide applications in 
mathematics, theoretical computer science, information theory etc. In general, the bound is 
tight and cannot be improved. However, for some special families of curves the bound could be 
improved substantially. In this paper, we focus on the Hasse-Weil bound for the curve defined 
hy y'P — y = f{x) over the finite field F^, where p is the characteristic of F,. Recently, Kaufman 
and Lovett [SJ FOCS2011] showed that the Hasse-Weil bound can be improved for this family of 
curves with f{x) = g{x) -I- h{x), where g(x) is a polynomial of degree y/q and h{x) is a sparse 
polynomial of arbitrary degree but bounded weight degree. The other recent improvement by 
Rojas-Leon and Wan [8l Math. Ann. 2011] shows that an extra y/p can be removed for this 
family of curves if p is very large compared with polynomial degree of f{x) and logp q. 

In this paper, we show that the Hasse-Weil bound for this special family of curves can be 
improved if g = p" with odd n which is the same case where Serre [lOj improved the Hasse-Weil 
bound. However, our improvement is greater than Serre’s one for this special family of curves. 
Furthermore, our improvement works for small p as well compared with the requirement of 
large p by Rojas-Leon and Wan. In addition, our improvement finds interesting applications to 
character sums, cryptography and coding theory. The key idea behind is that this curve has the 
Hasse-Witt invariant 0 and we show that the Hasse-Weil bound can be improved for any curves 
with the Hasse-Witt invariant 0. The main tool used in our proof involves Newton polygon and 
some results in algebraic geometry. 
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1 Introduction 


Let X be a nontrivial additive character from to the nonzero complex C*. The Weil bound 
for character sums states that, when the degree m of a polynomial f{x) is co-prime with q, then 
|E(x(/(a;)))| ^ (m — 1) /^/q. The Weil bound for character sums can be derived from the Hasse-Weil 
bound of a special family of algebraic curves, i.e., — y = fix), where p is the characteristic of ¥q. 

Therefore, any improvement on the Hasse-Weil bound of this family could lead to an improvement 
on the Weil bound for character sums. The Hasse-Weil bound is a deep result in mathematics 
and has found wide applications in mathematics, theoretical computer science, information theory 
etc. In general, the bound is tight and cannot be improved. However, in some special cases the 
bound could be improved substantially. For instance, when the ground filed size q is small, the 
bound could be improved up to half of it. There have been various improvements on the Hasse-Weil 
bound. One of the most famous improvements is the Weil-Serre bound m- Recently, Kaufman 
and Lovett O FOCS2011] showed that the Weil bound for character sums can be improved for 
fix) = gix) + /i(x), where gix) is a polynomial of degree <C ^/q and hix) is a sparse polynomial 
of arbitrary degree but bounded weight degree. The other recent improvement by Rojas-Leon and 
Wan [HI Math. Ann. 2011] shows that an extra y/p can be removed if p is very large compared 
with polynomial degree m of fix) and logpq. 


1.1 Our result 


From now on in this paper, we assume that q = p^ for a prime p and an odd integer n ^ 3. Consider 
the trace map Tr from Fg to Fp defined hy a ^ ^bat Tiia^^) = Tr(a*). 

This implies that, for a polynomial fix) G Fg[x], one can find a polynomial gix) = q 5*^* ^ 
such that gi are zero whenever i = 0 mod p and Tr(/(a)) = Tr( 5 r(a)). Thus, we only consider those 
polynomials with nonzero term x*, where gcd(i,p) = 1. 

Now let fix) be a polynomial of degree m ^ 1 over Fg. Without loss of generality, we may 
assume that gcd(m,p) = 1. We consider the cardinality of the set 


Zj := {a G Fg : Tr(/(a)) = 0}. 


Then the Weil bound shows that 


\Zf\- 


€ 


ip - l)(m - 1)^ 


( 1 ) 

( 2 ) 


The main result of this paper is given below. 

Theorem 1.1 (MAIN RESULT). Let g = im — l)(p — l)/2, then one has 


\Zf\-- 

p 


< 


P 


P 


\n/g\-l 

(n-l)/2 


gfaygl 

■ l2^/gJ 

p{>^+l)/2 


ifg > 1 

if9 = ^- 


( 3 ) 


One could not see how largely the bound ([2]) is improved in Theorem ll.il In fact, the improve¬ 
ment could be substantial. We refer this to Example 12.21 and Sections 2.3 and 2.4 for numerical 
illustration. 
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1.2 Our technique 


Our technique for the improvement is through an improvement of the Hasse-Weil bound for the 
algebraic curve. More precisely speaking, we show the improvement through three steps: (i) show 
that the Weil bound for character sums is derived from the Hasse-Weil bound of an algebraic curve; 
(ii) prove that the Hasse-Weil bound for the algebraic curve with the Hasse-Witt invariant 0 can 
be improved; (iii) show by the Deuring-Shafarevich Theorem that the curve — y = f{x) has the 
Hasse-Witt invariant 0. Consequently, we obtain an improvement on the Weil bound for character 
sums. 

Among the above three steps, the critical one is to show an improvement on the Hasse-Weil 
bound for the algebraic curve with the Hasse-Witt invariant 0. In order to achieve this, we analyze 
the Newton polygon of the characteristic polynomial of an abelian verity with Hasse-Witt invariant 
0. Then we employ some fundamental results on factorization of the characteristic polynomial to 
obtain the desired result. 

1.3 Comparison 

We mainly compare our improvement with those by Serre [TO], Kaufman-Lovett [5l FOCS2011] and 
Rojas-Leon-Wan jS] Math. Ann. 2011]. 

The improvement by Serre applies to arbitrary algebraic curve over Fpn with odd n, while our 
improvement only applies to the curve y^ — y = fix) over with odd n. On the other hand, our 
improvement is even greater than the one by Serre for this special family of curves.. The method 
by Serre mainly employs some properties of algebraic numbers. 

The improvement by Kaufman and Lovett works for those polynomial with degree bigger than 
yfq. Thus, the scenario is different. The main idea by Kaufman-Lovett uses Deligne Theorem on 
multivariate polynomials. 

The improvement by Rojas-Leon and Wan shows that an extra can be removed if p is very 
large compared with polynomial degree m of /(x) and log^g. However, our improvement works for 
any characteristic p including p = 2 (see numerical examples of Section 2). The idea of Rojas-Leon 
and Wan involves moment L-functions and Katz’s work on Aadic monodromy calculations. 

1.4 Organization 

Section 2 presents the main result and some applications to character sum, cryptography and coding 
theory. We also show that the Weil bound for character sums can be derived from the Hasse-Weil 
bound oi y^ — y = f[x) in Section 2. We outline the proof of the main result in Section 3 without 
requirement on knowledge of algebraic geometry. In Appendix, we show the detailed proof of the 
main result with requirement on knowledge of algebraic geometry. 
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2 Main result and applications 


2.1 Main result 


The Hasse-Weil bound m provides an upper bound on the number of points of an algebraic curve 
over a finite field Fg in terms of its genus and the ground field size q. The bound was improved by 
Serre m when q is not a square. The rehned bound by Serre is now called the Weil-Serre bound. 
In this section, we show that the Weil-Serre bound can be further improved for a class of curves 
arising from trace when q is not a square. Furthermore, several applications are provided for this 
improvement. 

It is a well-known fact that the cardinality of Zy in ([T]) is equal to {Nf — l)/p, where Nf stands 
for the number of the Fg-rational points on the Artin-Schreier type curve dehned by 


A/: yP-y = f{x). (4) 

Note that the set of the Fg-rational points on Xf is {T’oo} U {(a,/3) S F^ : (3^ — (3 = f{a)}, where 
Poo stands for the “points at infinity”. 

To see this, we note that Poo can be discarded towards counting the cardinality oi Zf. Further¬ 
more, an element a belongs to Zf if and only if there are p elements (3 €¥q such that (a, 13) are 
solutions of the equation (j4|) . 

When applying the Weil bound m to the curve Xf, we have 


\Nf -q-l\ 2gy/q, 


( 5 ) 


where g = (m — I)(p —1)/2 is the genus of Xf. Serre [10] improved the above bound to the following 
Weil-Serre bound 

\Nf -q-l\ ^g[2y/q\. (6) 

It seems that the bound (Hj) is just a small improvement on the Weil bound. However, the improve¬ 
ment could be substantial if m is big. For instance, q = 32 and m = 2001, then the Weil bound 
gives \Nf — (7 — 1| ^ 11, 313, while the Weil-Serre bound gives \Nf — q — 1\ ^ 11, 000. 

Applying the Weil-Serre bound, we get the following bound on the cardinality \Zf\ 


l^/l 



9[2y/q\ 

P 


( 7 ) 


In this paper, we show that the bound ([7|) can be further improved. We repeat the main result of 
this paper is that improves the above bound ([7|) as follows. 


Theorem 2.1 (MAIN RESULT). Let g = {m — l){p — l)/2, then one has 


\Zf\- 


< 


\n/g\-l 

(n-l)/2 


p\n/g\ 

L2U4J 

r,("+l)/2 


ifg > 1 

ifg = ^- 


( 8 ) 


The proof of Theorem 12.11 involves algebraic geometry and algebraic number theory. We will 
outline the proof in the next section in a more elementary way and provide some details in Appendix. 

From the formula of dHj), one cannot see the big difference between the Weil-Serre bound ([7|) 
and our bound dHj). Let us use some examples to illustrate improvement. 
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Example 2.2. (i) Let q = 2^ = 128 and m = deg(/) = 5, then the Weil-Serre bound d?]) gives 

\\Zf\ — 64| ^ 22, while the bound ([8]) gives \\Zf \ — 64| ^ 16. 

(ii) Let q = 3^ = 243 and m = deg(/) = 5, then the Weil-Serre bound d?]) gives \\Zf\ — 81| ^ 20, 
while the bound dll) gives \\Zf \ — 81| ^ 18. 

(iii) Finally, we look at an example of relatively large parameters. Let q = 2^^ and m = 
deg(/) = 5, then the Weil-Serre bound dZ]) gives \\Zf \ — 2^°| ^ 2896, while the bound dS]) 
gives 11Z/1 - 2^01 < 2048. 

From Example l2.2l iiiL we can see that, for some parameters, there could be a big difference 
between the Weil-Serre bound (0 and our bound (jll)- 


2.2 Improvement on the Weil bound for character sum 


It is well-known that every nontrivial additive character from Fg to C* can be represented by 
X/ 3 {x) ■= exp(27riTr(/3a;)/p) for some /3 € F* (see [1]). Let f{x) be a polynomial of degree m over 
Fq with gcd(m,p) = 1 and put g = (m— l)(p— l)/2. Then Xpifi^)) is uniformly distributed when 
y/q ^ m. More precisely speaking, the Weil bound gives 


mxifixm ^ 


m — 1 


Furthermore, applying the Weil-Serre bound dZ]) gives 


\^x&,{X0ifix)))\ ^ ^ 


9[‘^Vq\ 

P 


where Ex^WqiXjsif (x))) is the expectation of X/sifix)) defined by 


(9) 


( 10 ) 


^x&g{Xf^if{x))) = - exp{2TTai/p) 

^ ae¥q aSFp ^ 


( 11 ) 


with Mi 3 f{a) being the cardinality of the set {a £ Fq : Tr(/3/(a)) = a}. Note that Mpf{0) = |Z^^|. 
Now we apply the bound ([H]) to get an improvement to the bound (fTO]) . 

Theorem 2.3. Let g = (m — l)(p — l)/2, then one has 


|lEaeF,(X/3(/(«)))l ^ 


p 

p 


\n/g\-n 


gL2x/gJ 

p\‘n,/g\ 


(n+l) 1‘1—n 


L2V9J 

p(n+l)/2 


if g>'^, 

if 9='^ 


( 12 ) 


for any nonzero element /3 G Fq. 


Proof. For each a G Fp, choose 7 a G Fq such that Tr( 7 a) = a. Then we have Tr(/3/(a)) = a if and 
only if Tr(/3/(a) —7a) = 0. This implies that Mi 3 f{a) = Maj_.y^(0) = \Zgf-.y^\. Thus, Mpf{a) also 
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satisfies the bound dS]). Hence, 


|]EaeF,(X/3(/(a)))| = 






ae¥p 

-E 

q ^ 

aeF„ 


( Mf^f{a) — - I exp(27rai/p) 

aSFp ^ 


Mpf{a) — - I exp(27rai/|?) 


-E 

q ^ 

aeF„ 


1^, 


/3/-7a I 


The desired result follows from Theorem EH □ 

We illustrate our improvement by consider some small examples. 

Example 2.4. Let us consider character sums for polynomials of degree 3 and 5, respectively. 

(i) Let q = 2^ with odd n and let f{x) be a polynomial of degree 3. By Theorem 12.31 for any 


EaeF, x(/(a)) 


/ 2 (^+i)/ 2 . The Weil 


nontrivial additive character x from F 2 " to C*, one has 

bound Q gives an upper bound while the Weil-Serre bound (fT0]l gives an upper 

bound between and 2^”+^)/^. 

(ii) Let 5 = 2"' with odd n and let f{x) be a polynomial of degree 5. By Theorem 12.31 for any 


EaeF„ x(/(a)) 


/ 2("+3)/2. The Weil 


nontrivial additive character x from F 2 >i to C*, one has 

bound dH) gives an upper bound while the Weil-Serre bound ([Hi]! gives an upper 

bound between 2 l "+^)/2 g^j^d 2 ("+^)/ 2 _ 


2.3 Application to cryptography 

In streamcipher, nonlinearity of a function f{x) from F 2 >^ to F 2 'i is an important measure [I]. The 
nonlinearity of a function f{x) is defined as follows. 

The Walsh transfer Wf of f{x) is dehned by 


Wf : F 2 n X F 2 n ^ C; (a, 6 ) ^ (_i)a/(x)+ 6 x_ ^^ 3 ^ 

X^¥2n 

Then the Walsh spectrum of / is the image set {Wf{a,b) : a G F^n, b G F 2 "}. The nonlinearity, 
denoted by NL(/), of f{x) is defined by 

NL(/) := 2"-‘- I max \Wf(a,b)\. (14) 

2i (a,6)^1^271 ^^2^ 

In fact, the Walsh transformation Wf{a, b) is nothing but 2 times the expectation of xi{(^f{x) + bx), 
i.e., IT/(a,6) = 2Ea;gF2n (xi(a/(a:) -|- bx)). Thus, The nonlinearity NL(/) of f{x) can be expressed 
in terms of the expectation of + bx), i.e., 

NL(/) = 2"“^ - max \E^(z¥^^{xi{af{x) + bx))\. (15) 

(a,6)sF2n xF2n 
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For an odd n, it can be proved that NL(/) is upper-bounded by 2” ^ [T]. Thus, if 

deg(/) = 3, i.e., the curves defined in (jl]) is an elliptic curve, then by Theorem 12.11 one has 


NL(/) = 2" - max \E^(zr^r,{xi{af{x) + bx))\ 

(a,b)£¥^n xF2ti 


^ 2^—1 2 ^"^— 


^2(’^+2)/2j 

2(^+1)/2 


_ 


Hence, by the upper bound, we have NL(/) = 2”“^ — for polynomials / of degree 3, i.e., 

polynomials of degree 3 produce the highest nonlinearity. Previously, polynomials of degree 3 are 
usual candidates for functions with highest nonlinearity. Now let us look a polynomial / of degree 
5 and by the bound (fT^ 


NL(/) = 2"-^- 


max 


(a,&)EF2n XF2n 


|lExeF2n(xi(a/(a:) +bx))\ 




2[2("+2)/2J 

2(«+1)/2 


_2^~^_ 


Thus, polynomials of degree 5 also produce functions with the highest nonlinearity. This enlarges 
the pool of functions with the highest nonlinearity when people search for functions with the 
highest nonlinearity together with other cryptographic properties such as algebraic degree, algebraic 
immunity, etc. [T]. 


2.4 Application to coding 

Many codes such as BCH codes, classical Goppa codes and Reed-Muller codes can be realized as 
trace codes. In fact, every cyclic code can be represented as a trace code in a natural way m- 

Let V := {ai,a 2 , ■ ■ ■ ,a:Ar} be a subset of Fg of cardinality N. For a polynomial f{x) G Fg[3:], 
we denote by Tr-p(/) the vector (Tr(/(ai)), Tr(/(a 2 ))! ■ ■ ■, Ti’(/(a 7 v)))- For an Fp-subspace V of 
Fg[x], we denote by Tr-p(F) the trace code {Tr-p(/) : / G F}. Let us warm up by looking at a 
small example first. 

Example 2.5. Consider the binary code Tr-p(F), where V consists of all elements in Fi 28 , and 
V = {f{x) G Fi 28 [a:] : deg(/) ^ 5}. note that Tr-p(x) = Tr-p(x^) = Tr-p(x'^). Then it is easy to 
see that 'Jh:'p{V) has a basis {(1,1,... , 1)} U {Tr 7 o(ajX-^)}i<gj,g 7 j=i^ 3 ^ 5 , where {ai, a 2 , ■ ■ ■, a?} is an 
F 2 -basis of Fi 28 - Thus, EipiV) is a binary [128, 22]-linear code. To see the minimum distance, let 
/ be a nonzero polynomial of degree m with m ^ 5 and gcd(m, 2) = 1. By the Weil-Serre bound 
we know that the number of zeros of Tr-p(/) can be at most 64 + 22 = 86, thus we get a lower 
bound on minimum distance, i.e., d ^ 128 — 86 = 42. However, by our bound in Theorem 12.11 we 
get a lower bound d ^ 128 — (64 + 16) = 48. This achieves the best-known bound [2]. In fact, 
the software Magma verifies that this code indeed has minimum distance 48. In other words, our 
bound ([8]) is tight in this case. 

Next we study dual codes of primitive BCH codes. 

Example 2.6. Let a be a primitive element of Fg and let BCH(t) be a Terror correcting p-ary 
BCH code of length N = q — l=p'^ — l. Then by Delsarte’s Theorem [^, the dual BCH(t)-*- can be 
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represented as the trace code Tr-p(y) [12], where V consists of all q—\ nonzero elements of Fg, and V 
is the Fq-vector space generated by {l,x,x^,..., x^}. If i is divisible by p, then Ti-p{x^) = Tr-p(a:*/^). 
Thus, BCH(t)-*- is generated by {(1,1,... , 1)} U {Tr-p(Q:jX'^) : 1 ^ j ^ t, p \ j, 1 ^ i ^ n}, where 
{«!, 02 ,..., On} is an Fp-basis of Fq. Hence, the dimension of BCH(t)-*- is at most 1 + n{t — [t/p\). 
On the other hand, if t < ^/q/ip — 1), then by the Weil-Serre bound d?]), Tr-p(/) / 0 for any 
/ € H \ {0} with gcd(deg(/),p) = 1. This implies that the dimension of BCH(t)-*- is exactly 
1 + n{t — [t/pj) for t < ^Jqjij) — 1). By the bound ([8|), we obtain a lower bound on minimum 
distance of BCH(t)-*-, namely 


(BCH(t)- 




p” — 1 — p” ^ 

p"- _ 1 _ 


_ plVsl-l 


g[2V<i\ 

pl"/9l 

L2x/gJ 

p(n+l)/2 


if p > 1 
if 5 = 1, 


(16) 


where g = (p — l)(t — l)/2 if p f t and p = (p — l)(t — 2)/2 if p|t 

Now we add all-one vector 1 to BCH(t)-*-, then we get a code Cp(t,n) generated by 1 and 
{Tr-p(x*) ; 0 ^ z ^ 2t, p /|i}. The dimension of C increases by 1, i.e., 1 -|- n{t — [t/pj) for 
t < y^/(p — 1) and the lower bound (fT6l) on the minimum distance still holds for Cp{t,n). 

Let us illustrate the parameters of our code C by looking at some numerical results. Taking 
p = 2, t = 4 and re = 5, we get a binary [31,11, ^ ll]-linear code C2(4, 5). This is a best possible 
code in the sense that for given length 31 and dimension 11, the minimum distance can not be 
improved [2]. 

If p = 3, t = 3 and re = 3, then (173(3,3) is a ternary [26,7,^ 14]-linear code. It is also an 
optimal code |2|. 


Example 2.7. In this example, we consider the duals of classical Goppa codes. Let q = p^ and let 
L = Fq = {ai, 02 ,..., Oq}. Let p(x) be a polynomial of degree t with gcd(t,p) = 1 and g{ai) / 0 
for all z = 1, 2,..., p. Then the classical Goppa code r(L, p) defined by 


^iL,g) = { (ci,C2, 


z) e 


F” 

p 


E 

i=l 


Ci 


X — ai 


= 0 mod g{x) 


is a p-ary linear code of length q = p”. By Delsarte’s Theorem |6|, the dual r(L,p)“’- can be 
represented as the trace code {(Tr(z;i/(ai)), (Tr(ni/(ai)),..., (Tr(z;i/(aq))) : / e Fq[x], deg(/) ^ 
t — 1}, where Vi = g{ai) [T2|. It is clear that r(L,p)-*- is equivalent to Tr-p(l/), where V consists 
of all q elements of Fq, and V is the Fq-vector space generated by {1, x, ..., x^~^}. In the same 
way, we have that the dimension of r(L,p)-*- is exactly 1 -|- n{t — [(t — l)/pj) for t < ,/q/{p — 1). 
By the bound ([8|), we obtain a lower bound on minimum distance of r(L,p)-’-, namely 


d(r(L,p)^) ^ 


pU _ pTL—l 


_ P^ ^ 


_ p\n/g]-l 
p\{n-l)/2 


gL2v^J 

pln/gl 

L2V7J 

p("+l)/2 


if p > 1 
if 5 = 1, 


(17) 


where p = (p — l)(t — 2)/2 if pf (t — 1) and p = (p — l)(t — 3)/2 if p|(t — 1) 

Taking p = 5, t = 2 and re = 3, we get a 5-ary [125, 7, ^ 95]-linear code. This is a best possible 
code in the sense that for given length 125 and dimension 17, the minimum distance can not be 
improved [2]. 
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3 Outline of the proof of the main result 


The main objective of this section is to outline the proof of our Main Theorem 12.II in more elemen¬ 
tary way. 

3.1 L-polynomial 

The Artin-Schreier type curve Xf defined in Q is just an example of general algebraic curves. The 
curve Xf is defined over ¥q and of course it can be regarded as a curve over arbitrary extension 
Fgi for every i ^ 1. Let Nf(i) denote the number of F^i-rational points on Xj, i.e., Nf(i) stands 
for the size of the set of F^i-rational points {Poo} U {(a,/3) G F^i : (3^ — = f{a)}. Then one 

can define the zeta function of Xf by C/(P) ■= exp ■ If "'^^s proved by Weil [HI that 

Cf{T) is a rational function of the form where Lf{T) G Z[r] is a polynomial of degree 

2g = (m — \){p — 1). Furthermore, L/(0) = 1 and every reciprocity root of LfiT) has absolute 
value yfq. 

If we write Lf{T) = Y^i=o then oq = Lj(0) = 1 and Uj+g = q^ai for every all 0 ^ i ^ S'. In 
particular, the leading coefficient a 2 g = ■ 

Definition 3.1. Let Lf{T) = he the L-polynomial of Xf. Then the Hasse-Witt invariant 

of Xf, denoted by ixf, is defined to be the maximal j such that aj ^ 0 modp, i.e., 

iXf = maxjO ^ j ^ g '■ aj ^ 0 mod p}. (18) 

Since oq = 1, we have ixf ^ 0. On the other hand, we clearly have ixf ^ g- 
Lemma 3.2. The Hasse-Witt invariant ixj for the curve Xf defined in m is 0 . 

We refer to Lemma IA.4I for the proof of Lemma 13.21 

3.2 Newton polygon 

Denote by Qp the p-adic held. It is the completion held of the rational held Q at prime p. The unique 
discrete valuation in Qp is again denoted by Vp. The Newton polygon of a polynomial u{x) G Qp[x] 
over the local held Qp provides information on factorization of u{x) over Qp. We briehy describe 
the Newton polygon method in this subsection. The reader may refer to m Section 3.1] for the 
details. 

Let u{x) = uo + uix3-- ■ ■ -\-Umx'^ be a polynomial over Qp with uoUm 7 ^ 0. For each 0 ^ ^ m, 

we assign a point in as follows: (i) if Ui 7 ^ 0 , take the point (f, Vp{ui))-, (ii) if Ui = 0 , we ignore the 
point (i, 00). In this way, we form an envelope for the set of points {(z, Vp{ui)) : z = 0,1, 2,... , mj. 
The polygon thus determined is called the Newton polygon. 

Lemma 3.3. Suppose {r,Vp{ur)) G7 {s,Vp{us)) with s > r is a segment of the Newton polygon of 
u{x) with slope —k. Then u{x) has exactly s — r roots ai,a 2 ,... ,ois-r with np{ai) = i'p{a 2 ) = 

• • • = Vp{as-r) = k. Moreover, the polynomial a(x) := n£i(^ “ w) belongs to Qp[x]. 

Now if h{x) G Qp[a;] is an irreducible factor of a{x) in the above lemma, then i/p(/z(0)) = 
k deg{h{x)) ^ A;deg(a(a;)) = k{s — r). 






3.3 Weil number 


Definition 3.4. (i) An algebraic number a; is called a g-Weil number if lo and all Q-conjugates of 

u have absolute value y/q (by a Q-conjugate of to, we mean a root of the minimal polynomial 
of uo over Q). 

(ii) A monic polynomial ^{T) over Z[T] is called a < 7 -Weil polynomial if it has an even degree and 
all its roots are g-Weil numbers. 

(iii) The Hasse-Witt invariant of a g-Weil polynomial ^{T) = ^ defined to be 

the maximal j € [ 0 , g] such that Cj ^ 0 mod p. 

Lemma 3.5. A q-Weil polynomial <h(t) must have the form 

2g 

C2g-it'‘ £ Z[t] with C2g = q^ and C2g-i = q^'Ci for all i = 0,1,g. (19) 

i=0 

Proof. First, note that the product of two polynomials of the form (I19p still has the form (USD. 
Hence, it is sufficient to show that an irreducible g-Weil polynomial 4>(T) over Z has the form 
(USD. Let a; be a root of 4>(T). If a; is a real number, we must have u = y/q or —y/q. Thus, 
$(T) = (T — y/q){T + y/q) =T'^ — q. In this case, <h(T) has the form (fTSI) . 

If CO is not a real number, we may assume that all Q-conjugates of co are {wijtDi,... ,ujg,cdg}, 
where coi are complex conjugate of coi. By definition of a 5 -Weil polynomial, we have <h(T) = 
nuiT — uJi){T — uji) and \uji\ = \uji\ = y/q for all 1 ^ ^ gf. The desired result follows from the 

following identity 



Note that we use the fact that -2- = a;* in the above identity. □ 

Lemma 3.6. Let $(T) is a q-Weil polynomial with Hasse-Witt invariant equal to 0 and let ^(T) 
be a divisor o/<h(T) which is also a q-Weil polynomial. Then T(T) has Hasse-Witt invariant equal 
to 0 as well. 

Proof Let 4>(r) = E?=oC2g-iT^ G m and let T(T) = Eto “ar-iT* G Z[r]. Put 4>(r)/T(r) = 
Eto b 2 s-iE G Z[r]. Then r + s = g. 

Suppose that T (T) has Hasse-Witt invariant bigger than 0. Let i be the largest index such that 
= 0. Then 1 ^ z ^ r. Let j be the largest index such that Vpibj) = 0 for some 0 ^ j ^ s. 
Consider 

Ci+j = akbi = aibj + akbi. ( 20 ) 

k+l=i+j 

Every term in the summation of the above equation (|20p is divisible by p, while Oibj is not divisible 
by p. Thus, Cj+j is not divisible by p. This is a contradiction to our condition. □ 
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3.4 Characteristic polynomial 

Let Lf{T) = be the L-polynomial of Xf. By abuse of notation, the reciprocal polynomial 

Lf{T) = of 'b/(r) is called the characteristic polynomial of Xj (in fact, Lf{T) is the 

characteristic polynomial of the Jacobian of the curve Xf (see Appendix)). Then it is clear that 
every root of Lf{T) is a Weil number and Lf{T) is a o'-Weil Polynomial. 

Lemma 3.7. If the characteristic polynomial Lf{T) of Xj is canonically factorized into product 
L{T) = of powers of irreducible polynomials over Q, then the power e is the least common 

denominator of np{h{0))/n, where h{T) runs through all irreducible factors of riT) inQp[x]. 

We refer Lemma 13.71 to Theorem IB. 31 

Theorem 3.8. Assume that the characteristic polynomial Lf{T) of Xj is canonically factorized 
into product L{T) = n r(TY over Q. Write r{TY = YaLq b 2 g-iT^ G Z[T]. Then Vpibi) ^ n/g if g 
is bigger than 1. 


Proof. We outline the proof here. We refer to Theorem 1C.21 for the detailed proof. 

Let r(T) = G Z[r]. Since e is the least common denominators of Vp{h{ff))/n for 

all irreducible factors h{T) of r[T) over Qp, we consider the Newton polygon of the polynomial 
r(r). By identifying one particular segment (2r — i,Vp{ai)) 0 (2r, 0) for some 1 ^ i ^ r and its 
slope —Vp{ai)li, one obtains a lower bound on Vp{ai) for some 1 ^ i ^ g. Furthermore, the slope 
—t'p(oi) of the segment (2r — 1, t'p(ai)) -H- (2r, 0) is at most the slope —VpiaYji. This gives a lower 
bound on t'p(ai). The desired result follows from this lower bound on np{ai). □ 


Theorem 3.9. Let Lf{T) = G Z[r] be the characteristic polynomial of the curve Xj 

defined in ("??) with g = {m — l){p — l)/2. Then we have 


i^p(ai) ^ 


n 

9 

n+l 

2 


if g>'^ 

if 9 = ^ 


Proof. By Lemma 13.21 we know that Lf{T) is a g-Weil polynomial with Hasse-Witt invariant 
equal to 0. If ^ = 1, then we must have p = 2 or 3. In this case, the desired result follows 
from na Theorem 4.1]. Now assume that g ^ 2. Factorize LfiT) into a product 0^=1of 
co-prime g-Weil polynomials such that every ^i{T) is a power of an irreducible polynomial over 
Q. Let $i(r) = Yf^j%ai^ 2 gi-jTY Then we have r'p(ai,i) ^ mm{n/gi,{n + l)/2} ^ n/g for all 

i = l, 2 ,...,k. Thus, we have i/p(ai) = i/p ^ ^ n/fi(. □ 


Proof of the Main Result (Theorem 12.1|) : Let Lf{f) = Yfi=o^ 2 g-iT^ G Z[r] be the 
characteristic polynomial of Xf with g = [m — l)(p — l)/2. First we note that \Nf — q — \\ = joij. 
Combining Theorem 13.91 and the Weil-Serre bound, we get 


jiVp - g - 1| ^ 


p\n/g^ 

pin+l)/2 


’plWsT 

9L2V7J 

p("+l)/2 


if 9 > 1 
if 5 = 1. 


The desired result follows from the fact that \Zf \ = {Nf — l)/p. 


□ 
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Appendix 


A Algebraic curves and Hasse-Witt invariants 

Throughout the Appendix, we assume that A is an absolutely irreducible, projective and smooth 
algebraic curve over of genus g. Then it can be regarded as a curve over ¥gi for any i ^ 1. 
Denote by Nx{i) the number of F^i-rational points. Then one can define the zeta function of A by 

( 21 ) 

It was proved by Weil [H] that Cx{T) is a rational function of the form where Lx{T) S 

Z[T] is a polynomial of degree 2g. Furthermore, Lx{0) = 1 and every reciprocity root of Lf{T) has 
absolute value 

If we write Lx{T) = then oq = Tj(0) = 1 and Oj+g = q^ai for every all 0 ^ ^ 5 . 

In particular, the leading coefficient a 2 g = q^- 

We need some preliminaries and background on algebraic geometry, in particular, abelian va¬ 
rieties in this Appendix. The reader may refer to piiaE] for some basic results on curves and 
abelian varieties. 

In Section 3.1, we defined the Hasse-Witt invariant of A through the L-polynomial of A. 
Actually, it is more proper to define it in terms of p-torsion points of its Jacobian. For an algebraic 
curve A over Fg of genus g, we denote by Jx the Jacobian of A. Then Jx is an abelian variety over 
Fg of dimension g. Let J'x{¥g) and j7jr(Fg) be the groups of the Fg-rational points and Fg-rational 
points on A, respectively. 

Definition A.l. Denote by Jx\p] the subgroup of the p-torsion points of Jx{¥q), then one has 
|j7’;rb]l = some integer r with 0 ^ r ^ g. The integer r is called the Hasse-Witt invariant of 

A, denoted by ix- 

For each abelian variety A over Fg, we can consider the Frobenius morphism tta which sends 
every coordinate of a point on this variety to its gth power. The characteristic polynomial <I>^ 
of TiA over the local field Qp is called the characteristic polynomial of A (see Had)- It is, in 
fact, a polynomial over Z. Furthermore, if A is the Jacobian of an algebraic curve A/Fg, then the 
characteristic polynomial of A is in fact the reciprocal polynomial of the L-polynomial of A. 

The following result given in m characterizes ix in terms of the characteristic polynomial of 
Jx- 

Proposition A.2. Let ^x{t) = be the charaeteristic polynomial of Jx- Then ix is 

the maximal j such that aj ^ 0 modp, i.e., 

ix = max {0 ^ j ^ g ■ aj ^ 0 mod p}. 

Theorem A.3 (Deuring-Shafarevich (see e.g. [3]))- Aef E,F be the function fields of two curves 
A/Fg and T/Fg, respectively. Assume that E/F is a Galois extension of function fields and the 
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Galois group of this extension is a p-group. Then 

i;:,-l = [E:F]{iy-l)+J2Yl - !)• 

p&yQ&x 

Q\P 

Lemma A.4. The Hasse-Witt invariant ixf for the curve Xj defined in ^ is 0. 

Proof. Let F be the rational function field of the projective line and let F be the function field 
¥q{Xf) of Xf. The only ramified point is the unique point oo lying over the pole of x. Moreover, 
the ramification index is p. Thus, by the Deuring-Shafarevich Theorem, we have 

iXf - i = [E : F](0 -l)+p-l=px{0-l)+p-l = -1, 


i.e., ixf = 0 . □ 

B Abelian varieties 

We introduce a few definitions now. 

Definition B.l. (i) An abelian variety is called elementary or simple if it has no subvarieties. 

(ii) Two abelian varieties over ¥q are said isogenous if they have the same characteristic polyno¬ 
mial. 

The characteristic polynomial of an abelian variety over ¥q is a 5 -Weil polynomial. Thus, by 
Lemma [,1.51 the characteristic polynomial of an abelian variety over Fq of dimension g has the form 
Yl^i=QO, 2 g-iT^ G Z[T] with oq = 1 and a 2 g-i = q^~^ai for i = 0,1,..., S'. The following well-known 
result (see m) provides information on factorization of characteristic polynomials of an abelian 
varieties. 

Theorem B.2. Every abelian variety is isogenous to a product of elementary abelian varieties, 
i.e., the characteristic polynomial of every abelian variety is a product of characteristic polynomials 
of elementary abelian varieties. 

In view of the above theorem, it is sufficient to consider elementary abelian varieties in our case 
(see [T3]i. 

Theorem B.3 (Tate-Honda). There is one-to-one correspondence between isogeny classes of el¬ 
ementary abelian varieties over¥q and conjugacy classes of q-Weil numbers. More precisely, a 
polynomial $(r) is the characteristic polynomial of an elementary abelian variety over Fq if and 
only if ^(T) = r[TY for some irreducible polynomial r{T) G Z[T] with all roots being q-Weil num¬ 
bers and e is the least common denominators of Vp{h{Q))/n, where h{T) runs through all irreducible 
factors over Qp. 
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C Abelian varieties with Hasse-Witt invariants 0 


The following result plays a crucial role. 

Theorem C.l. Let ^a{T) = YAiohg-iT^ € Z[r] be the characteristic polynomial of an elemen¬ 
tary abelian variety A with Hasse-Witt invariant equal to 0. If the dimension g of A is bigger than 
1, then Vp{bi) ^ n/g. 

Proof. By Theorem IB.31 we know that every elementary abelian variety A has the characteristic 
polynomial of the form = r[TY for an integer e ^ 1 and a monic irreducible polynomial 

r(T) over Z. 

If r{T) has a real root, then this root must be In this case, we have that r{T) = 

(T — y/q){T + y^) =T^ — q. Hence, 6i = 0 and the desired result follows. 

Now we assume that all roots of r{T) are not real. Then it is clear that the degree of r(T) is 
even. Let r{T) = YliLo (^ 2 r-iH with g = er. To analyze Vp{ai), we look at the Newton polygon of 
r(T). By our assumption, we know that t'p(aj) > 0 for all 1 ^ i ^ r. 

Define the set 

/ := {1 ^ ^ r : r'p(oi) ^ in/2} 

and 

J := {1 ^ j ^ r : np{aj) < jn/2}. 

If 1 G /, then i'p(ai) ^ n/2 ^ n/g. Hence, = np{e) + r'p(ai) ^ n/g. 

Now assume that 1 G J. We claim the following. 


There exists 1 ^ ^ r such that 


Vp{ai) 


< mm 
rH-l^£^2r 



( 22 ) 


First of all, t'p(oi) < n/2 = Up{q^)/2r = Vp{a 2 r)/2r . Hence, to prove the inequality (12^ . it 
is sufficient to prove that for every I G {r + 1, r + 2,..., 2r — 1}, there exists j & J such that 
Vp{ai)/I > np{aj)/j. Note that, since lU J = {1, 2,...,r}, thus i = 2r — k with k in I\{r} or in J. 

Then for every i G / \ {r} and j G J, we have 


Vp{a 2 r-j) _ i^p{aj) + {r - j)n ^ Vp{aj) 
2r — j 2r — j j 

and 

Vp{a 2 r-i) _ Vp{ai) + (r - i)n ^ ^ 

2r — i 2r — i ^2 j 

Our claim follows. 

Now let 0 ^ ^ r be the largest index such that 


i 


min 


j 
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then (2r—z, Vp{ai)) i —)• (2r, 0) forms a segment in the Newton Polygon of r[T) with slope —Vp{ai)li. 
Assume that h{t) is an irreducible factor of r[T) in Qp[t] corresponding to this segment. Then we 
have h'p{h{0)) ^ x (2r — (2r —i)) = Vp{ai). Assume that ^ with gcd(A:,^) = 1. Then 

we have e ^ i and 


Up{ai) ^ I'pihiO)) = n X 


i/p(/i(0)) 


kn 

I 


= — > 


kn 




n 

e 


(23) 


Since (2r — i, np{ai)) -k 
of the segment (2r — l,t'p(ai)) -f 
i,np{ai)) i —^ (2r, 0), i.e., 


n i e 

> (2r, 0) forms a segment in the Newton Polygon of the slope —Vp{ai) 
> (2r, 0) is at most the slope —Vp{ai)li of the segment (2r — 



n n 


le re 


n 

g' 


Hence, Vp{hi) ^ r'p(e) + t'p(ai) ^ This completes the proof. 


□ 


Corollary C.2. Assume that L{T) is the reciprocal polynomial of the L-polynomial of an algebraic 
curve A overWg. Let L(T) have the canonical factorization into product WriTy. If the Hasse-Witt 
invariant of X is 0, then vp{ai) ^ n/g, where r{TY = with g > 1. 
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